04-11-2018 02:00 PM - edited 03-08-2019 02:37 PM
Hello,
We are experiencing a lot of BAD_ADDRESSES in our DHCP scopes where 802.1x is enabled. The problem seems to stem from IPDT or Device Tracking depending on the version of IOS you have. This is not a unique issue to me.
There have been several proposed solutions:
So far nothing has worked in our environment.
The "probe delay" seems like it would be the easiest solution and it seems like that works mostly but only when there is a single switch/management-point for the site. When there are multiple switches or "stacks" each sending their own device tracking probes the problem seems to surface again.
The "use-svi" method does not work because our switches are L2-only so there is no SVI in the same VLAN/subnet as the 802.1x authenticated devices. We have the management SVI on a seprate/dedicated VLAN.
We have also disabled GARP on our Windows machines trying to stem this DHCP BAD_ADDRESS issue but we are coming up with nothing.
I was wondering if anyone else has seen and could confirm that what I am seeing is expected.
The "auto-source fallback override" solution MIGHT be the only working solution in our type of environment where there are multiple L2-only access switches. I have not gotten myself enough of the 3850 switches to verify this but I am working on that. The plan is to use a single assigned address for all device tracking probes. I really hope that works so I dont need to use an seprate auto-source fallback address for each switch.
Solved! Go to Solution.